Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Customer Case Study Client: Location: Profile:

advertisement 
Customer Case Study
BankAtlantic
Client:
“With BindView, we have increased efficiency, gained a more secure
environment and a better security profile, and increased our economies
of scale.”
BankAtlantic
BindView enables BankAtlantic to improve security, reduce costs, and pass regulatory audits.
Jim Trautwein,
Manager of Information Security
Location:
Ft. Lauderdale, FL
Profile:
BankAtlantic operates in Florida with
75 branches and almost $6 billion in
assets. Like many financial organizations,
BankAtlantic is committed to doing
everything possible to ensure the security
and integrity of the bank’s customer
information. So when their regulator
recommended that BankAtlantic look at
acquiring products like those from
BindView – BankAtlantic began looking for
solutions that would help them secure,
monitor and control their Windows
environment. After evaluating several
solutions, BankAtlantic chose BindView’s
Financial Security Solutions.
Industry:
Financial
Annual Revenue:
Challenge
BankAtlantic operates in Florida with 75 branches and almost $6 billion in assets. Like
many financial organizations, BankAtlantic is committed to doing everything possible to
ensure the security and integrity of the bank’s customer information. So when their regulator
recommended that BankAtlantic look at acquiring products like those from BindView –
BankAtlantic began looking for solutions that would help them secure, monitor and control
their Windows environment. After evaluating several solutions, BankAtlantic chose BindView’s
Financial Security Solutions.
One of the bank’s first requirements was to find a tool that would help them establish a clean
Windows NT environment during their migration from NetWare. They wanted to ensure
that they did not migrate any security holes or flaws to their new environment. BankAtlantic
chose BindView’s bv-Control for NetWare product to find and clean security holes before
the migration. Another requirement was a solution to enhance the ongoing security of the
Windows NT environment. As manager of information systems, Jim Trautwein, stated “We
really needed a product that enhanced the security features of Windows NT. Most people
know that NT does not have some of the security capabilities you need to segregate functions
among employees in a decentralized environment. We wanted to restrict the access and
capabilities available to employees. The bv-Admin family of products actually overlays the
NT environment and enhances it, allowing us to segregate functions. We can restrict access at
a user level and a function level to help us comply with security best practices.”
6 billion +
Solutions:
Vulnerability Management
– bv-Control® for Windows®
– bv-Control® for Microsoft® Exchange
Directory Administration and Migration
– bv-Admin® for Windows®
Benefits:
• Savings of valuable time and money
• Heightened IT security and compliance
checks
• Efficient administration of Windows,
Exchange environments
• Labor-intensive tasks automated and
performed instantly
• Increased efficiency and economies of scale
“We did not originally select BindView’s Financial Security Solutions for audits – but
they have become instrumental for internal, external and regulatory assessments.”
Marion Lang,
Manager of Information Security
Generically, examiners and auditors look at:
•
•
•
•
•
•
How you are enforcing security policies
How you are managing user accounts – including password policies
How you are terminating accounts when employees leave
How you are modifying accounts when employees change positions
How you create new accounts
How you administer the account overall – is it well controlled; can information be
accessed easily?
Ideally the bank should have policies in place for ensuring the security of the environment as
well as processes in place for enforcing the policies. While BankAtlantic had the policies, they
found them difficult to enforce manually because doing so was a time-consuming task.
“BindView provides the overview and control features for the Windows environment that the
NT product didn’t,” Lang explained.
“This helps to satisfy the regulators who are looking for best practices, regulatory
compliance, and the ability to delegate limited functionality, such as password resets
to the Help Desk. BindView helps us gain efficiency without sacrificing security.”
Marion Lang,
Manager of Information Security
Solution
Although BindView was selected primarily for security, the bank management had not
realized how useful it would be for auditing purposes as well. While the bank is audited by
internal auditors as well as the federal regulatory agency that governs them, these audits occur
on a periodic basis. BankAtlantic wanted to ensure that they were adhering to policies on an
ongoing basis. They run varying bv-Control reports on a daily, weekly, and monthly basis to
locate vulnerabilities and correct them.
They also use BindView’s bv-Admin solutions for auditing purposes. “bv-Admin makes
administration more auditable,” explained Lang. “We can see what the administrator is doing.
Who took what action. It is also very helpful that, from one console, we can view both NT
and Exchange data.” “This results in better accountability and audit-ability for the people
handling account changes. We can track what was done and when,” explained Trautwein.
Like most organizations, BankAtlantic has security policies and practices in place. One of the
challenges they faced was that while the organization was growing, the security staff was not.
How could BankAtlantic monitor the policies on an ongoing basis? That’s where BindView
solutions step in. Security and administration teams often have to make decisions on a daily
basis on whether they try to protect their environment or whether they accomplish more
“visible” tasks. Every organization wants a secure environment. But many are not always
willing to spend the time and resources it takes to manually achieve a secure environment.
That’s where BindView solutions help.
With BindView, performing security checks can be done in a fraction of the time it would
take to do with native tools. For example, Lang said that using native tools to search for
users that were not required to change their NT passwords during the migration would take
approximately one day. She knew the task was important, but often didn’t have a full day to
devote to one task. With BindView, she was able to find the same information in about ten
minutes. Now, every evening she runs a variety of automated reports, and has the results
waiting on her PC when she arrives the following morning.
Another concern that BankAtlantic had was password resets. As many as 10 percent of all calls
to the Help Desk concerned password resets. BankAtlantic wanted to monitor these requests
to determine which employees needed to be retrained (often the same people needed their
passwords reset time after time). But BankAtlantic also wanted to look for accounts possibly
targeted for hijacking.
As Trautwein explained, “We want to know if someone calls in and represents himself
incorrectly so he can get into an account. As a result, did the legitimate user have to call back
in and reset it again? Banking is no different than most other industries. Fraud and hacking can
be committed from inside as well as outside the organization. So we have to be as diligent with
our own users as we are with our customers and people from the outside.” To keep track of
password resets, Lang runs BindView’s pre-defined password reset report every evening. This
helps BankAtlantic monitor suspect accounts.
Lang had performed her own assessment of security tools before joining BankAtlantic. Once
on board, she was pleased to find they both had independently selected BindView’s Financial
Security Solutions. Many factors went into the decision to license BindView products. While
some tools provide a good snapshot of what’s going on in the network, they don’t allow
administrators or security personnel to fix it. Finding the problem is only part of the solution.
Often fixing the issue can be even more resource intensive than finding it. BindView provides
both the ability to find and fix problems.
The security group at BankAtlantic is a small team responsible for a big task, and Lang is the
“watchdog” for the bank. Her role includes ensuring that security policies are being adhered
to, that the bank’s risk litigation is low, that risk avoidance is on track, and that employees
are properly trained. A small staff with such a workload couldn’t expect to be proficient in
numerous tools to get everything accomplished. Additionally, the bank couldn’t expect
to receive budget approval for numerous point products. BankAtlantic needed one suite of
products that would allow the team to accomplish as much as possible. BindView Financial
Security Solutions fit those needs. Trautwein explained, “The comprehensiveness was
probably the most compelling reason to select BindView. In order to accomplish the same types
of tasks, we’d need multiple tools from other vendors.”
Results
BankAtlantic had done a thorough product evaluation before they purchased, and they had
been very pleased with BindView’s technical support. However, many organizations find
out the hard way that more effort is often made up front to “get the sale” and the same level
of support does not always continue after the sale. Not so with BindView. Trautwein stated,
”BindView has been extremely responsive to our needs. BindView really wanted to make sure
that we were happy with the product; that our people understood what the product could do
and how it could do it. They wanted to make sure that everything was set up properly so that
it runs at optimum performance. I cannot think of a single time we’ve had an issue where
BindView was not very responsive to fixing it to our satisfaction. That goes a long way.”
What do the combination of comprehensive products and responsive support mean to
BankAtlantic? BindView’s Financial Security Solutions enable BankAtlantic to better control
and monitor what rights their administrators, desktop technicians, security administrators and
help desk personnel have in NT and Exchange. In addition, BindView helps the security team
stay on top of NT and Exchange security. With BindView, they can quickly and easily run
reports on almost any aspect of security. Trautwein sums up the benefits that BankAtlantic has
achieved, “With BindView, we increased efficiency, gained a more secure environment and a
better security profile, and increased our economies of scale.”
BindView Corporation
Toll Free: 1-800-749-8439 | Worldwide: 1-713-561-4000 | Fax: 713-561-1000 | Email: info@bindview.com
5151 San Felipe, Suite 2500 | Houston, Texas 77056 | www.bindview.com
© 2003 BindView Corporation. All rights reserved. BindView, the BindView logo, and the BindView product names used in this document are trademarks of
BindView Corporation and may be registered in one or more jurisdictions. The names of products of other companies mentioned in this document, if any, may be
the registered or unregistered trademarks of the owners of the products.
0774 CS0006 09.03
Related documents
Password cracking software
Password cracking software
The Pros and Cons of Hiring Hackers
The Pros and Cons of Hiring Hackers
Network Intrusion Case Study
Network Intrusion Case Study
Windows 2000 Security Audit & Control
Windows 2000 Security Audit & Control
QUICK SIGN ON CHECKLIST
QUICK SIGN ON CHECKLIST
Download
advertisement